A few years ago we wrote about a handy bookmarklet that would make Firefox remember passwords on some sites that ordinarily wouldn’t, like Yahoo! or Paypal. Some people on the article were reporting that this no longer works in Firefox 3, but one anonymous commenter referenced a rather clever workaround.
The trick requires the modification of a JavaScript file that Firefox uses for managing login-related tasks. Once the workaround is applied Firefox will start ignoring any attributes in the login forms that try to tell the browser not to remember a password. You’ll still be able to choose whether or not you want a password remembered for a particular site, but at least now the choice will be left up to you.
First things first. We need to open the nsLoginManager.js file in a text editor. The location of the file is a bit different depending on what OS you’re using:
- Windows:
You’ll find the file in the components folder where Firefox was installed:
C:\Program Files\Mozilla Firefox\components\nsLoginManager.js - Mac:
Find Firefox in your Applications folder, right-click on it, and choose the option to Show Package Contents. Then within the Firefox.app navigate to the file:
Firefox.app\Contents\MacOS\components\nsLoginManager.js
Alright. This is where my instructions get a little different than what’s provided by the person who found this workaround. They want you to remove a few lines of code from this file, but all you really need to do is flip a value from true to false. That way it’s a lot easier to revert back to the file’s original state should you ever need to.
Now you need to perform a search on the file for:
_isAutocompleteDisabled
You should be taken to a section of the file that looks something like this:
You’ll notice that I’ve highlighted line number 770 (your line number may be different), and it says:
return true;
You need to change that to say:
return false;
It should now look like this:
Save the changes to this file, and then restart Firefox. Now when you go to a site like Paypal you should see a prompt to save the password just like it does for most other sites:
The only downside to this trick is that you may need to re-apply it after updating or reinstalling Firefox. Other than that it works great, and is a little nicer than the bookmarklet since it doesn’t require any additional interaction after being set up.
Well what about security? Why should I make firefox to remember my paypal account password? Seriously, I just don’t see the point making your system more vulnerable or I’m missing something?
You could always save your profile folder to an encrypted volume, in which case you’ve actually increased overall security anyway.
Now that’s a nice one
Gracias!
If you’re the only person who uses your computer then it’s handy not having to type it in all the time.
There is a Greasemonkey script I use for this:
[userscripts.org]
Will it affect online password management site like MashedLife.com? It shouldn’t, right?
I hope Firefox upgrades regression-test popular applications like that.
What you’re missing is that it won’t automatically save your password, it’ll just give you the option to do so if you want it rather than the website deciding that you should never be allowed to save your password. Adding this tweak doesn’t make your information any less secure, if you have sites you never want it to remember the password for you can still tell it to never remember and not be bothered with it for your secure sites.
If you want to combine real security with logins’ data, you’d better choose Roboform, which handles IE-engined browsers as well (no double data). It’s shareware, but it’s true security.
Ryan,
Do you have any similar (code-tweaking) tips for dealing with websites that have login form fields that don’t allow “copy/paste” of passwords into the field?
That a big aggravation! There are a few web-banking sites I use that allow me to copy/paste the user ID in from my password manager application, but I can’t copy/paste the password field.
Grrrr.
Cheers!
As some have pointed out before me… this doesn’t automatically save your password. You’ll just be given the option to store your password whereas previously you wouldn’t have had the choice.
Unfortunately I don’t… that is probably being controlled by JavaScript on the site you’re using.
Ive seen something similar to this tweak except they comment out the middle part of that function here is the code:
_isAutocompleteDisabled : function (element) {
// if (element && element.hasAttribute(”autocomplete”) &&
// element.getAttribute(”autocomplete”).toLowerCase() == “off”)
// return true;
return false;
},
Is there a difference between your and the one above?
Which is the better way to do it??
@b. moore, no, it makes no difference…
It essentially does the same thing. There are various approaches you can take… I just tried to do what I thought was the easiest.
excellent, i was just double checking to be sure i didnt mess anything up or if their was a better way. thanks again for the tweak!
i altered my firefox to make it so that any password is saved no matter what. the “remember password” buttons and such will still show up, but no matter what you select your password is saved as soon as you submit the form. it wouldn’t take long to make an extension but this would probably be looked down upon.
how do you do that?
doesn’t work on dual field codes… or at least it doesn’t work on meebo
security_pssh -
What is the code tweak to do that?
Thanks
Any idea how to do the equivalent in Firefox 2?
I know someone who can’t upgrade to FF3 because they have an old Mac incapable of running the version of OS X (10.4) that the newer version of the browser requires.
I’d like to use the same hack, but nsLoginManager.js file does not exist in FF2.
Thanks in advance for any help.
Didn’t work?
i’m in mac os X FFv3.0.10
and i changed the isAutocompleteDisabled to say return false both inside and outside of the if statement but it still does not ask for password on gmail (i’ve checked the list of exceptions in preferences and neither google nor gmail are on it)
any suggestions?
thanks
Great tip. I farted around a bit and got it. Guys with security concerns need not worry. This is what I did. I saved all the sites I regularly visit (that needs logins) into my bookmarks. Then I click on the site name under bookmarks, and Firefox alerts me for the master password. I enter the master password and it fills in the fields for me. How to get FireFox to ask for a master password? Simple, go to Edit -> Preferences, select the Security tab, and put a check mark in “Use a master password” under Passwords. There now, no more needing to remember all those passwords and logins. It would be nice if it could automate the login, because I am too lazy to press the login button after FF has filled it in for me. Hope this helps.
I know there is a way to set it up so firefox will always ask you if you want to Remember the password, throught he about:config, but i can’t remember which setting that is.
Is there a .js file tweak like this for (banking) sites that have a 2 stage login where the first screen that takes your userID won’t display it initially but if you doubleclick in the text field autocomplete will list it in a dropdown list?
No, unfortunately the banks are turning to the 2-stage logins so that people can’t really get around them.
I implemented this about a month ago,
and it worked for login.yahoo.com.
Then it stopped working, and I noticed that
I had an entry in my passwords with an empty
login (and a password). When I deleted that,
it began working again. Now it is not working
I checked nsLoginManager.js and it still has the
correct edits.
Any suggestions?
How can I enable the this.log to debug this?
OK, that is my anonymous post above.
I am still having problems with login.yahoo.com
Only, now it works about 9/10 times.
Which makes it very difficult to debug.
Thank you, Ryan! I looked all over the web for a solution to this problem! Excellent tip! Worked well. Fixed my problem. It was easy as pie to find, to understand and to do the simple modification. You did a great job explaining it. An 8 year old could do it. It rocks. People like you are the reason I choose to stay with an open-source browser.
I need help…Gmail suddenly quit saving my login info, so I followed the suggestion online to remove my saved Google password (in Firefox) — but after I erased it, I incorrectly assumed I’d be offered the option to “save this password” anew, which I have not been. I’d like to try your method here, but when I click on the “nsLoginMgr” I get an error code “WIndows Script…Syntax error…Microsoft jscript compilation error.” (and that ominous sound like I’m doing something wrong!) Is there an easy way to get around this? Or should I try reinstalling Firefox? I am a beginner w/all this code stuff, but your explanations above seem easy enough for me to try.
Thanks in advance if anyone can help!
/brown88
First, let me tank you for this trick, it worked, FireFox once again ask if I’d Like it to remember my Password. While making the change in the
C:\Program Files\Mozilla Firefox\components\nsLoginManager.js folder, I ran across what seemed to be some strange looking script, but maybe it is how FireFox wrote it, I don’t know but it looked like someone was trying to obtain my passwords. Here is a snip out of the script I found this section just above were you make the true false change, if needed I can post the full file, but this is the part that jumped out at me. Does anyone else have this same script, or is someone trying to hack me? Thanks for any help.
username field found)”);
// If we’re not submitting a form (it’s a page load), there are no
// password field values for us to use for identifying fields. So,
// just assume the first password field is the one to be filled in.
if (!isSubmission || pwFields.length == 1)
return [usernameField, pwFields[0].element, null];
// Try to figure out WTF is in the form based on the password values.
var oldPasswordField, newPasswordField;
var pw1 = pwFields[0].element.value;
var pw2 = pwFields[1].element.value;
var pw3 = (pwFields[2] ? pwFields[2].element.value : null);
if (pwFields.length == 3) {
// Look for two identical passwords, that’s the new password
if (pw1 == pw2 && pw2 == pw3) {
// All 3 passwords the same? Weird! Treat as if 1 pw field.
newPasswordField = pwFields[0].element;
oldPasswordField = null;
kindly plz someone tell me that by which way i should open this ns login manager.js file so that i can reach at that exact line easily becus there are so many lines which cannot be found by note pad or any other application plz help me
I tried it with ff3.5. It still does not work with hotmail. Has anyone been able to do it with hotmail.
Many thanks.
Is there a way to just get rid of the prompt completely but having firefox automatically remember all passwords?
Works like a charm on Yahoo Mail. Thank you for the easy to follow instructions and snapshots. As Ryan indicated, after I updated to Firefox 3.5.4, I had to re-do this simple change to the js file (I opened it with Notepad and searched for the “_isAutocompleteDisabled” section as instructed) and I’m on the road again.